bob_labla
New Member
I got this phishing email that is attempting to say they have hacked into my mail server.
I know it is nonsense because I don't run a mail server to be hacked. I just have e-mails from my domain.org forwarded to my google account.
My question is:
How do I prevent people from spoofing my domain like this? To most people it will look like a message like this came from me unless you look at the message details and you can see that it is not originating from my domain. I believe this person is a zoneedit customer as well. The message looks like it came from Brazil.
How should MX and TXT be set up to allow forwards but not allow others to spoof with my domain? Looks like SPF did nothing here to stop it.
I have changed items in bold to be generic.
ARC-Authentication-Results: i=1; mx.google.com;
    spf=pass (google.com: domain of srs0=gylq=m5=mydomain.org=username@srszone.org designates 64.68.198.24 as permitted sender) smtp.mailfrom="SRS0=gyLq=M5=mydomain.org=username@srszone.org"
Return-Path: <SRS0=gyLq=M5=mydomain.org=username@srszone.org>
Received: from mxc02.zoneedit.com (mxc02.zoneedit.com. [64.68.198.24])
    by mx.google.com with ESMTPS id g187-v6si11779960iof.28.2018.10.17.09.11.58
    for <username@gmail.com>
    (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
    Wed, 17 Oct 2018 09:11:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of srs0=gylq=m5=mydomain.org=username@srszone.org designates 64.68.198.24 as permitted sender) client-ip=64.68.198.24;
Authentication-Results: mx.google.com;
    spf=pass (google.com: domain of srs0=gylq=m5=mydomain.org=username@srszone.org designates 64.68.198.24 as permitted sender) smtp.mailfrom="SRS0=gyLq=M5=mydomain.org=username@srszone.org"
Received: from 189-73-36-188.mganm703.e.brasiltelecom.net.br (unknown [189.73.36.188]) by mxc02.zoneedit.com (Postfix) with ESMTP id CB940877EB for <username@mydomain.org>; Wed, 17 Oct 2018 16:11:57 +0000 (UTC)
From: <username@mydomain.org>
To: <username@mydomain.org>
Subject: username@mydomain.org is hacked
Date: 17 Oct 2018 08:40:58 -0400
Message-ID: <001801d4661a$038cc88b$e31da6b2$@mydomain.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Acab5anvc67qqw2xab5anvc67qqw2x==
Content-Language: en
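Added example (not part of the original post): a short Python check run over the headers quoted above, showing that the spf=pass result is for the forwarder's SRS-rewritten envelope domain (srszone.org) and not for the domain in From:, which is the mismatch a DMARC-style alignment check flags. The function names are hypothetical, and the two-label organizational-domain rule is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the post above (already made generic by the poster),
# trimmed to the fields this check reads.
RAW = '''\
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of srs0=gylq=m5=mydomain.org=username@srszone.org designates 64.68.198.24 as permitted sender) smtp.mailfrom="SRS0=gyLq=M5=mydomain.org=username@srszone.org"
Return-Path: <SRS0=gyLq=M5=mydomain.org=username@srszone.org>
From: <username@mydomain.org>
To: <username@mydomain.org>
Subject: username@mydomain.org is hacked

'''

def org_domain(domain):
    # Assumption: the last two labels form the organizational domain.
    # Real DMARC evaluators consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def decode_srs0(local_part):
    # SRS0 layout: SRS0=<hash>=<timestamp>=<original-domain>=<original-local>
    m = re.fullmatch(r"SRS0[=+-]([^=]+)=([^=]+)=([^=]+)=(.+)", local_part, re.I)
    return f"{m.group(4)}@{m.group(3)}" if m else None

def analyse(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    # Unfold the header so the regexes see one line.
    ar = " ".join(msg["Authentication-Results"].split())
    spf = re.search(r"\bspf=(\w+)", ar).group(1)
    mailfrom = re.search(r'smtp\.mailfrom="?([^\s";]+)', ar).group(1)
    local, _, env_domain = mailfrom.rpartition("@")
    return {
        "spf": spf,
        "envelope_domain": env_domain.lower(),
        "header_from_domain": from_domain.lower(),
        "srs_original_sender": decode_srs0(local),
        # An SPF pass only counts for DMARC when it covers the From: domain.
        "spf_aligned": spf == "pass"
        and org_domain(env_domain) == org_domain(from_domain),
    }

if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key:20} {value}")
```
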